Stored Cross-Site Scripting Vulnerability in Phproject by Alanaktion
CVE-2025-57768

6.9MEDIUM

Key Information:

Vendor: Alanaktion
Status: PHProject
Vendor: CVE Published:; 21 August 2025

What is CVE-2025-57768?

Phproject, a full-featured project management system, is affected by a Stored Cross-Site Scripting vulnerability present in versions 1.8.0 to 1.8.2. This vulnerability occurs due to a lack of proper HTML encoding and sanitization in the Planned Hours field when creating new projects. An attacker can send a specially crafted payload through a POST request to the /issues/new/ endpoint, which is then reflected in the server's response. This enables the attacker to execute arbitrary JavaScript in the context of the victim's browser, potentially compromising user data and system security. The issue has been addressed in version 1.8.3, and users are urged to upgrade to this version to mitigate the risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

phproject >= 1.8.0, < 1.8.3

References

https://github.com/Alanaktion/phproject/security/advisori...

x_refsource_CONFIRM

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Aug 21, 2025
Vulnerability Reserved
Aug 19, 2025

JSON

Alanaktion

What is CVE-2025-57768?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.